- From: Dave Koston <notifications@github.com>
- Date: Tue, 27 Dec 2016 17:21:27 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 28 December 2016 01:22:00 UTC
I understand that providing back a status code could be a potential information leak (i.e. a 404 from a GET request vs a 200). Offering developers flexibility in this matter would be nice. If there's a 403 for example, we're not leaking anything other than you have bad credentials and a reasonable rate limit will prevent abuse. Our goal is to not send a second HTTP request/response when the first one would be sufficient to satisfy the condition. I understand he security implications but not allowing us to choose how to consume CORS means that there will be quadrillions of extra http requests per year wasting CPU cycles and global power. Having the ability to choose to send back an error code on the pre-flight response would allow us to make things much more efficient. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/443#issuecomment-269408762
Received on Wednesday, 28 December 2016 01:22:00 UTC